I have a remote user logging into a PIX506E through Microsoft Windows PPTP client. And once on VPN, he is not able to access his Internet. I believe it is a characteristic of software VPN but is there anyway he can browse the Internet changing routing tables etc or which way is best to go with?
As an alternative, if I use ASA unit, I know this doesnt support PPTP and wanted to know if there is another way to go with other than using Cisco VPN client.
Typically, I would like to use PIX506E without additional VPN client and able to browse the Internet if possible.
Ok 2 things one, yes you are correct that you need an ACL for your Remote clients but that is a standard access list like the one above. Secondly you do need to add the remote VPN IP space to your existing nonat access list. DO NOT remove your others just add the IP space you are using for your VPN clients. example below
access-list nonat permit ip (Internal addresss space) (VPN client DHCP address space)